Sie sind auf Seite 1von 20

Department of Computer Science and Engineering

EECS 3482: Introduction to Computer Security


Instructor: N. Vlajic
Date:
April 16, 2016

Final Examination
Instructions:

Examination time: 180 min.

Print your name and CSE student number in the space provided below.

This examination is closed book and closed notes.

There are 8 questions. The points for each question are given in square brackets, next to the
question title. The overall maximum score is 100.

Answer each question in the space provided. If you need to continue an answer onto the last
page, clearly indicate that and label the continuation with the question number.

Question

FIRST NAME:
LAST NAME:
STUDENT #:

_______________________
_______________________
_______________________

Points

/ 20

/ 15

/ 14

/ 10

/ 16

Total

/ 100

1. Multiple Choice

[20 points]

Circle the correct answer(s) for the following statements.


(1.1) Examples of deliberate act of trespass activity include ______________________.
(a)
human error
(b)
DDoS attack
(c)
shoulder surfing
(d)
extortion
(1.2) The ______________ is when the virus function is performed.
(a)
dormant phase
(b)
propagation phase
(c)
triggering phase
(d)
execution phase
(1.3) A(n) ______________ is an attempt to learn or make use of information from the system
that does not affect system resources.
(a)
inside attack
(b)
passive attack
(c)
outside attack
(d)
active attack
(1.4) When developing a security policy, which of the following steps should be performed
FIRST (relative to others).
(a)
obtain copies of mandatory regulations
(b)
gain management approval
(c)
seek acceptance from other departments
(d)
ensure policy is compliant with current working practices
(1.5) _____________________
is a discretionary set of directions designed to achieve
objectives of an established security policy.
(a)
guideline
(b)
standard
(c)
procedure
(d)
best practice
(1.6) Tactical planning in project management is:
(a)
long-term planning
(b)
mid-term planning
(c)
day-to-day planning
(d)
hour-to-hour planning

(1.7) On average, ______________ of all possible keys must be tried in order to achieve
success with a brute-force attack.
(a)
one-fourth
(b)
half
(c)
two-thirds
(d)
all keys have to be tried
(1.8) Which asymmetric key algorithm is used for securely generating common secrets in
commonly used network security protocols?
(a)
RSA
(b)
DES
(c)
AES
(d)
Duffie-Hellman
(1.9) Triple-DES algorithm applies the standard DES encryption/decryption 3 times, using the
same or different keys (K1, K2, K3). Which of the following Triple-DES keying options results in
the strongest (i.e., hardest to break) encryption?
(a)
All three keys are independent.
(b)
K1K2, and K1=K3.
(c)
K1=K2, and K1K3.
(d)
All three keys are the same.
(1.10) Homomorphic encryption is generally used to:
(a)
generate symmetric key offline
(b)
sign message digests in digital certificates
(c)
outsource computation to non-trusted entities
(d)
protect integrity of data in-rest
(1.11) A security engineer has recently installed a biometric system, and needs to tune it.
Currently the biometric system is rejecting too many valid, registered users. What adjustment
does the security engineer need to make?
(a)
Increase the False Accept Rate
(b)
Reduce the False Accept Rate
(c)
Increase the False Reject Rate
(d)
Reduce the False Reject Rate
(1.12) Exposure factor is defined as:
(a)
The probability that the threat will be realized.
(b)
The cost of a single loss.
(c)
The probability that a loss will occur in a years time.
(d)
The part of an assets value that is likely to be lost by a particular threat.

(1.13) After completing a risk assessment, an organization was able to reduce the risk through the
addition of detective and preventive controls. However, these controls did not remove all risk.
What options does the organization have for treating the remaining risk?
(a)
Accept, avoid, reduce, or transfer.
(b)
None the organization must accept the risk.
(c)
The organization must either accept or transfer the risk.
(d)
Does not apply: the remaining risk cannot be treated further.
(1.14) Which of the following is a legal term that pertains to a company (or individual) taking
reasonable security-related actions in order to avoid legal liability:
(a)
benchmarking
(b)
best practice
(c)
due care
(d)
gold standard
(1.15) In the NIST Cybersecurity Framework, Awareness and Training is a category that
corresponds to _________________ set of security functions.
(a)
Protect
(b)
Detect
(c)
Respond
(d)
Recover
(1.16) A TCP-SYN flood primarily aims to exhaust ______________ resources at its target.
(a)
bandwidth-related resources
(b)
memory-related resources
(c)
processing-related resources
(d)
none of the above
(1.17) Which of the following is NOT true for browser-based (i.e., puppetnet based) DDoS, from
the hackers point of view.
(a)
can be set up by compromising one single file on one single machine
(b)
results in attack traffic generated by trusted (non-blacklisted) machines
(c)
results in attack traffic generated by non-infected machines
(d)
results in attack-traffic that can be sustained, at the same rate, over a period
of time
(1.18) Which of the following are subcategories of Public Law?
(a)
Family Law
(b)
Tort Law
(c)
Administrative Law
(d)
Property Law

(1.19) US Patriot Act _______________________________________________.


(a)
aims to protect confidentiality and security of health data
(b)
regulates the governments use of private information
(c)
allows US law enforcement greater latitude in combating criminals and
terrorists
(d)
attempts to prevent illegal sharing of trade secrets
(1.20) US Security and Freedom Through Encryption Act was enacted to ______________ .
(a)
relax restrictions concerning the use of cryptographic products
(b)
strengthen restrictions concerning the sale and export of cryptographic products
(c)
restrict Government involvement in the manufacturing of cryptographic products
(d)
none of the above

2. Potpourri
2.1

[3 points]

[9 points]
CIA Interdependence

Recall that three important qualities of a systems security are:


availability. These three properties are often interdependent.

confidentiality, integrity, and

Give one example where the failure to protect confidentiality leads to a compromise of availability.
Be as specific as you can!
Solution:
Compromised password puts an attacker in the position to change the password, thus denying
future access by a legitimate user.

2.3

[3 points]

UNIX Permissions

In the below figure, annotate the meaning of each of the six indicated fields in the output of UNIXs
ls l command.

2.3

[3 points]

Traffic under DDoS

In the case of a bandwidth-based DDoS attack on a server, the amount of useful/user traffic that
reaches the server is impacted by the overall (useful+attack) traffic appearing on the server link.
(This phenomenon was discussed in class and is also depicted in the below figure.)
Which network/system parameter corresponds to the point A in the given graph and is of critical
significance in designing (or defending against) a DDoS attack? Briefly justify your answer.

Solution:
Link Capacity once the overall traffic exceeds the link capacity, some of the packets will get
delayed and/or dropped, which will result in the re-transmission of these packets, which will
ultimately make the matters worse. I.e., there will be fewer of new/first-time packets appearing on
the link, and the amount of useful traffic reaching the server will quickly start to drop/decline.

3. Encryption Potpourri
3.1

[15 points]

[5 points] Vigenere

The plaintext

was encoded using a Vigenere cipher, resulting in the ciphertext

Determine the keyword that was used for the cipher. Explain your work!
(Hint: Vigenere tables are not provided/required. Use mod expressions instead. Recall that letter
A, B, C, in the keyword imply a 0, 1, 2, shift in the ciphertext, respectively.)
Solution:
The encoding formula for Vigenere is

Ci = (Ti + Ki) mod 26


Now, write the given expression for each pair of plaintext-ciphertext characters.

I = (H + Ki) mod 26 -

Ki = 1

Y = (A + Ki) mod 26 -

Ki = 24

Z = (V + Ki) mod 26 -

Ki = 4

F = (E + Ki) mod 26 -

Ki = 1

Y = (A + Ki) mod 26 -

Ki = 24

R = (N + Ki) mod 26 -

Ki = 4

J = (I + Ki) mod 26 A = (C + Ki) mod 26 -

Ki = 1
Ki = 24

Now, we know that character A in a Vigenere keyword implies 0 shift between plaintext and
ciphertext characters.
Consequently, sift of 1 corresponds to B, shift of 25 corresponds to Y, and shift of 4 corresponds
to E.

Thus, the keyword is: BYE

3.2

[6 points] Symmetric Encryption

Suppose that Alice and Bob have previously established a secret shared key. At some later point
they want to establish an encrypted channel between them, but they want to verify that they are
both still in possession of the same secret key.
Now, in order to verify whether they are in possession of the same key, Alice proposes the
following solution/protocol: Alice generates a string of random bits of length equal to the keys
length, XORs the random bits and her copy of the key and sends the result to Bob. Bob receives
the message, XORs the result with his copy of the key and sends the result back to Alice who can
verify whether the bits B sent her match her original random string. If the bits match, A and B must
have used (i.e., are in possession of) the same key.
Is this protocol a good idea? Explain!
Recall: XOR (exclusive OR) is a logical operation that outputs true only when inputs differ, as
shown in the below table.

Solution:
The solution is NOT a good idea - an attacker can get the key by simply XORing the two
messages that are exchanged.

Namely, as can be concluded from the table, XOR has the following properties:

XX=0
(XY)Z=X(YZ)
Now, what Allice sends over the air is:

KR, where K is the secret key and R is a random sequence.


What Bob calculates on his end and then sends over the air is:

(KR)K which is in fact R alone


So, the attacker sees in the air first KR,
By XOR-ing

3.3

KR

and

and then he sees R.

the attacker can obtain the K

alone.

[4 points] RSA Parameters


10

Assume Alice has decided to generate her RSA keys (public and private) using the following
values of the key RSA parameters: e=1, p=5, q=7.
Apart from these not being very large numbers, what other most concerning problem(s) would
such values of the given parameters result in? Explain!
Solution:
In RSA, public key is composed of (n, e), where n=pq. In this case, n=35.
The RSA encryption using public key is performed as C = Pe mod n, and is used to protect the
confidentiality of plaintext (P).
Clearly, in cases where P is short (i.e., less than n), the encryption will result in C = P
In other words, with e=1, there is no encryption, the message is sent as is.
http://math.bme.hu/~gabor/crypto2009ttSol.pdf

11

4. Password Cracking
4.1

[14 points]

[9 points]

Consider a system that requires 8-character long passwords. Further assume that the password
policy restricts users to choosing passwords in the character set [0-9, a-z, A-Z, !, *], and requires
the use of characters from at least two different categories, where the categories are {0-9, !, *},
{a-z}, {A-Z}.
How many different (valid) passwords of 8 characters exist in this system? (I.e., passwords that
satisfy the required criteria.)

Solution:
There are 64 possible characters altogether, and with the password length of 8, the overall
number of possible passwords is 648.
However, some of these passwords are not valid. In particular, the passwords in which all
characters belong to only one of the three given groups

- Passwords that contain only characters {0-9, !, *} there is 128 of such


passwords
- Passwords that contain only characters {a-z} there is 268 of such passwords
- Passwords that contain only characters {A-Z} there is 268 of such
passwords
Therefore, the number of valid passwords is

648 128 2*(268)

12

4.2

[5 points]

Now, consider a system that requires 4-charact long passwords, and passwords are composed of
[0-9, a-z]. The administrators of this system realize that such passwords are not strong enough;
hence they are currently looking at two possible changes to their password policy:
Proposal 1: Keep password length at 4, but extend the existing (allowed) character set by
five additional special characters {!, *, @, #, $}, or
Proposal 2: Keep the allowed character set as is, but increase the password size to 6,
while specifically requiring that all passwords end with 2 digits.
Which of the two proposals is better? Why?

Solution:
The size of the original password space is: 364
With Proposal 1, the new password space is: (36+5)4 = 2825761
With Proposal 2, the new password space is: (36)4*(10)2 = 167961600

Proposal 2 is better, as it results in larger overall password space.

13

5. Authentication & Access Control


5.1

[10 points]

[6 points] Authentication Protocol

Consider the following protocol, which has two main goals: 1) the establishment of a common key
between two parties (Alice and Bob in this case), and 2) mutual authentication of those two
parties. The protocol employs a key distribution center, and assumes exchange of four messages,
as shown in the picture below.
However, a closer inspection will reveal that the given protocol is quite insecure.
Your task is to identify the most obvious vulnerability of the given protocol, and explain/describe it
in sufficient detail.

(TTL Time To Live in the above figure specifies the amount of time that the key will be exclusively reserved for
communication between Alice and Bob.)

Solution:
Most obvious vulnerability:

Notice that the ticket to Bob in message (2) does not include Alices name. If Mallory is also a
system user with privileges to service Bob, she can ask for a ticket to Bob. It receives a ticket, and
learns the common key KMB. Then, it sends the message to service Bob claiming to be Alice.
Since it can compute KMB{Alice}, Bob will agree to share key KMB with Mallory (thinking her to
be Alice), and will grant the appropriate services.

http://www.cs.fsu.edu/~breno/CIS-5357/assignments/midterm-practice.pdf

14

5.1

[4 points] Access Control

Consider a system that uses the Bell-LaPadula model to enforce confidentiality and, at the same
time, the Biba model to enforce integrity. The system employs 4 security levels: A, B, C, D, where
A > B > C >D. (> stands for higher.)
If security classes where the same as integrity classes, what objects would a given user/process
in such a system be able to access? Would such a system be useful in practice? Explain!

Solution:
E.g., let us consider a user/object at level B.
According to Bell-LaPadula: B cannot read to A, and cannot write to C and D.
According to Biba: B cannot read C and D, and cannot write to A.
Based on the above, B would be able to read and write only objects at his own security
level, and would NOT be able to either read or write at/from any other security level.
This scheme is far too restrictive to be used in practice. The processes are completely conned to
their compartments. In reality, processes often need to be able to read data (at least) in
compartments that their compartment dominates.
http://nob.cs.ucdavis.edu/classes/ecs153-2008-01/exams/sammidans.pdf

15

6. Biometrics

[8 points]

A biometric identification scheme usually has a threshold parameter T such that increasing T
makes it harder to pass, and decreasing T makes it easier. The false accept rate FAR(T)
decreases with increasing T, while the false reject rate FRR(T) increases.
Now, assume a system where T is a value in the range [0, 1], and FAR and FRR change
according to:
FAR(T) [%] = 50 48*T
FRR(T) [%] = 4 + 7.2*T
Furthermore, assume the system is set to operate in a mode that achieves a balance between
FAR and FRR.
In March 2016, this system has performed 7000 authentications. How many of these
authentications/users have been falsely rejected from accessing the system?

Solution:
Given that the system is set to achieve a balance between FAR and FRR, it implies that T is set to
ensure that FAR(T) = FRR(T).
50 48*T = 4 + 7.2*T,

46 = 55.2 T,

T = 0.833

For the given T, we obtain: FRR(T) = 4+ 7.2*0.833 10 %


Consequently, we conclude that 7000*10% = 700 users have been falsely rejected from
accessing the system.

16

7. Cryptographic Hashing

[8 points]

7.1
[4 points] Suppose there is a proposal for a new message digest algorithm that:
(1) breaks a message into 160-bit chunks;
(2) applies XOR operation to all the chunks to get a 160-bit result; and
(3) applies a traditional hash function (SHA-1) to the result.
What hash property does this new digest algorithm break and why?
Solution:

XOR of different pairs may result in the same value (e.g., 1111 _ 1111 == 0000 _
0000), so this hash variant will not be collision-free.

7.2
[4 points] Complete the following two sentences so that they result in correct definitions
of Weak Collision Resistance and Strong Collision Resistance. You are allowed to use only the
following strings: {X, X, h(X), h(X)} when completing the sentences.
Also, indicate which definitions refers to Weak and which to Strong Collision Resistance.

__Strong__ Collision Resistance: It is impossible to find any two pairs of ___X___


, ___X___ such that ___h(X)____ = ___h(X)____ .

_Weak__ Collision Resistance:

Given

___X____

and

___h(X)____, it is

impossible to find any ___X____ such that ___h(X)____ = ___h(X)____ .

17

8. Risk Management

[16 points]

8.1
[6 points] An organization has two unprotected information assets, as shown in the
table below. Which vulnerability should be first evaluated in the course of the risk management
process? Which one should be evaluated last?
Asset 1

Asset 2

This is a switch that has two vulnerabilities.


The first involves a hardware failure likelihood of 0.2 and the second
involves a buffer attack of likelihood 0.1.
The switch has an impact rating (value lost by exploiting a
vulnerability) of 70.
Assumptions made on this asset have a 90% certainty.
This is a web server that deals with e-commerce transactions.
It has one vulnerability, which involves the possibility of a DDoS attack,
with a likelihood of 0.1.
The web server has an impact rating (value lost by exploiting a
vulnerability) of 100.
Assumptions made on this asset have a 40% certainty.

Solution:
Note, all the vulnerabilities are currently unprotected, i.e., there are NO current controls
implemented => CC in the below formulas = 0.
Asset 1, Vulnerability 1:

R = P*V - CC*P*V + UK*P*V = 0.2*70 + (1-0.9)*0.2*70 = 14 + 1.4 = 15.4


Asset 1, Vulnerability 2:

R = P*V - CC*P*V + UK*P*V = 0.1*70 + (1-0.9)*0.1*70 = 7 + 0.7 = 7.7


Asset 2, Vulnerability 1:

R = P*V - CC*P*V + UK*P*V = 0.1*100 + (1-0.4)*0.1*100 = 10 + 6 = 16


The vulnerability to be evaluated first for (further) risk control is:
Asset 2, Vulnerability 1.
The vulnerability to be evaluated last for (further) risk control is:

Asset 1, Vulnerability 2.

18

8.2
[10 points] WebX - an Internet e-commerce company - runs a web-site (7 days a week,
24 hours a day). The web-site generates an average of $2,000 per hour in revenue from customer
orders.
The risk management experts of the company have observed that each incident of denial of
service (DoS) on WebXs web-server results in a measurable financial loss for the company
amounting to 0.1% of the web-sites annual revenue. The experts have also estimated that after
each DoS incident, the company needs to spend $10,000 in advertising to counteract the negative
publicity from the incident. Statistically, DoS attacks on WebXs web-server occur once every 3
months, and put the WebXs web-site out of service for an average of 6 hours.
Currently, the WebXs risk management experts are debating the implementation of a
sophisticated intrusion detection and prevention system (IDPS). The one-time cost of this system
is $90,000. Once implemented, the system would have to be regularly updated/managed by
WebXs Information Security staff. The work on the systems update/management would amount
to an average of 50 hours per month. The average hourly wage of WebXs Information Security
staff is $50. With the IDPS system in place, DoS attacks would be occurring (only) twice a year,
would last (only) 3 hours, and would result in only a half of the original annual revenue loss
(0.05%). The cost of counteracting the negative publicity from the incident would remain
unchanged.
Calculate the ROI for the considered IDPS system. (For full credit, you must clearly show the
procedure that you took to get your answer.)
Would it be financially justifiable for WebX to deploy the considered system, and if so at
which point in time? Justify your answer!

Solution:
http://technet.microsoft.com/en-us/library/cc751213.aspx
http://www.opsec.com/solutions/partners/downloads/Spire-Security-Firewall-Economics-whitepaper.pdf

PRIOR:
Annual Revenue = 24*365*$2,000 = $1,752,000
SLEprior = indirect loss of revenue + cost of advertising + direct loss (site not working) =
= 0.001*$17,520,000 + $10,000 + 6*$2,000 =
= $17,520 + $10,000 + $12,000 = $39,520
AROpior = once every 3 months = 4 times a year = 4
ALEprior = SLE * ARO = 4 * $ 39,520 = $158,080

POSTERIOR:
SLEpost = indirect loss of revenue + cost of advertising + direct loss (site not working) =
= 0.0005*$17,520,000 + $10,000 + 3*$2,000 =
= $8,760 + $10,000 + $6,000 = $24,760
AROpost = 2
19

ALEpost = $49,520
ACS = $90,000 + 12*50*$50 = $120,000
ROI in 1st year = ALEprior ALEpost ACS = $158,080 - $49,520 - $120,000 = -$11,440
---------------------------------------------------------------------------------------------------------------------------After 2 years:
ALEprior = 2*$158,080 = $316,160
ALEpost = 2*$49,520 = $99,040
ACS = $90,000 + 2*12*50*50 = $90,000 + $60,000 = $150,000
ROI in 2nd year = ALEprior ALEpost CS = $316,160 - $99,040 - $150,000 = $67,120
It would be financially justifiable to employ the system in the 2nd year.

20